AVEVA PI Data Archive products
are vulnerable to an uncaught exception that, if exploited, could allow
an authenticated user to shut down certain necessary PI Data Archive
subsystems, resulting in a denial of service.
AVEVA recommends that organizations evaluate the impact of these
vulnerabilities based on their operational environment, architecture,
and product implementation. Users with affected product versions should
apply security updates to mitigate the risk of exploit.
All affected versions of PI Data
Archive and PI Server can be fixed by upgrading to PI Server 2024 or
higher. From OSISoft Customer Portal https://my.osisoft.com/ , search for "AVEVA PI Server" and select version 2024 or higher.
For additional information please refer to AVEVA-2025-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ .
Configurations
Workarounds
AVEVA recommends that organizations evaluate the impact of these
vulnerabilities based on their operational environment, architecture,
and product implementation. Users with affected product versions should
apply security updates to mitigate the risk of exploit.
AVEVA further recommends users follow general defensive measures:
* Monitor liveness of PI Network Manager and PI Archive Subsystem services.
* Set the PI Network Manager and PI Archive Subsystem services to automatically restart.
* Limit Port 5450 access to trusted workstations and software.
* For a list of PI System firewall port requirements, see knowledge base article KB01162 - Firewall Port Requirements https://customers.osisoft.com/s/knowledgearticle .
* Impact and severity of vulnerabilities can be reduced through
industry accepted IT practices. Please consult your IT engineer for
advice on how to best implement these firewall restrictions in your
organization's architecture. OSIsoft technical support provides guidance
on architectural approaches, backup procedures, network defenses, and
operating system configuration.
* For a starting point on PI System security best practices, see knowledge base article KB00833 - Seven best practices for securing your PI Server https://customers.osisoft.com/s/knowledgearticle .
For additional information please refer to AVEVA-2025-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ .